<?php
	/**
	 * 
	 * User model
	 * @author Tri
	 *
	 */
	class UserModel extends Model {
        /**
         * Constructor
         */
        function __construct()
        {
            parent::__construct();
            require_once DRUPAL_ROOT . '/includes/1bootstrap.inc';
            drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
            require_once DRUPAL_ROOT .'/includes/password.inc';
            //menu_execute_active_handler();
            //include_once DRUPAL_ROOT_D .'/passworddrupal.php';
        }
        
        /**
         * 
         * Gets user by user id
         * @param integer $id
         */
		function loadUserById($id){
			$sql = "select * from user where id = ?";
			$values = array();
			$values[0] = $id;
			$types = array();
			$types[0] = "integer";
			return $this->execute_query($sql, $values, $types);
		}
        
		/**
		 * 
		 * Check duplicated username
		 * @param string $username
		 */
		function checkUsernameExist($username){
            $sql = "select * from users where name = '".$username."'";
            $res = $this->execute_query($sql);
            if(count($res) != 0){
                return true;
            }
            return false;
        }
        
	/**
		 * 
		 * Check duplicated email
		 * @param string $email
		 */
		function checkEmailExist($email){
            $sql = "select * from users where mail = '".$email."'";
            $res = $this->execute_query($sql);
            if(count($res) != 0){
                return true;
            }
            return false;
        }
        
        /**
         * 
         * Hashing password using drupals
         * @param string $password
         */
        function hash_password($password){
            //return drupalPassword::hash_password($password);
            return user_hash_password($password);
        }
        
        /**
         * 
         * Check password using drupal
         * @param string $password
         * @param string $accountpass
         */
        function check_password($password, $accountpass) {
            //return drupalPassword::check_password($password, $accountpass);
            
            if (substr($accountpass, 0, 2) == 'U$') {
                $stored_hash = substr($accountpass, 1);
                $password = md5($password);
            }
            else {
                $stored_hash = $accountpass;
            }

            $type = substr($stored_hash, 0, 3);
            switch ($type) {
                case '$S$':
                    // A normal Drupal 7 password using sha512.
                    $hash = _password_crypt('sha512', $password, $stored_hash);
                    break;
                case '$H$':
                    // phpBB3 uses "$H$" for the same thing as "$P$".
                case '$P$':
                    // A phpass password generated using md5.  This is an
                    // imported password or from an earlier Drupal version.
                    $hash = _password_crypt('md5', $password, $stored_hash);
                    break;
                default:
                    return FALSE;
            }
            return ($hash && $stored_hash == $hash);
        }
        
        /**
         * 
         * Login function
         * @param string $username
         * @param string $password
         */
        function login($username, $password){
            $password_hash = user_hash_password($password);
            
            $data_password = '';
            //kiem tra username
            $sql = "select * from users where name = '".$username."'";
            /*$sql = "select * from users where name = ?";
            $values = array();
            $values[0] = $password;
            $types = array();
            $types[0] = "string";
            $res = $this->execute_query($sql, $values, $types);*/
            
            $res = $this->execute_query($sql);
            if(count($res) == 1){//co user
                $data_password = $res[0]['pass'];
            }
            
            $flag_1 = $this->check_password($password,$password_hash);
            //var_dump($flag_1);
            $flag_2 = $this->check_password($password,$data_password);
            //var_dump($flag_2);
            if($flag_1 == true && $flag_2 == true){
                //dang nhap thanh cong
                return $res[0];
            }else{
                return false;
            }
        }
        
        /**
         * Register
         * 
         * @param text $username
         * @param text $password
         * @param text $email
         */
		function register($username, $password, $email){
            $password = user_hash_password($password);
            $sql_max = "SELECT MAX(uid) As uid_max FROM users";
            $res_max = $this->execute_query($sql_max);
            $uid = $res_max[0]['uid_max']+1;

            $sql = "INSERT INTO `users` (`uid`, `name`, `pass`, `mail`, `theme`, `signature`, `signature_format`, `created`, `access`, `login`, `status`, `timezone`, `language`, `picture`, `init`, `data`) VALUES (".$uid.", '".$username."', '".$password."', '".$email."', '', '', 'filtered_html', 1324263612, 0, 0, 1, 'Asia/Saigon', 'vi', 0, 'xxzcxz@yahoo.com', NULL)";
            $res = $this->execute_command($sql);
            
            $insert_store = "INSERT INTO `store` (`name`, `address`, `description`, `url`, `rating`, `logo`, `phone`, `map`, `user_id`, `premium`, `product_count`, `contact_person`, `status`) VALUES ('".$username."', '', '','', 0, '', 0, '', ".$uid.", NULL, 0, '', 0)";
            $res_insert = $this->execute_command($insert_store);
            return array('uid' => $uid, 'name' => $username, 'mail' => $email);
        }
	}
?>